...
Then they hit a character that is a special character in the medium they are using. This data needs to be escaped to make it work.
See HTML entities or XML for example - < > &
File special characters like / \ : , spaces and unicode
JSON special characters like [, ] , { }, “ ,'
Also look at the simple templating function for HTML which is safe by design.